Fix handling of net.inet.ipsec.dfbit=2 variable.

IP_DF macro is in host bytes order, but ip_off field is in network bytes order. So, use htons() for correct check.
2016-03-18 09:03:00 +00:00 · 2016-03-18 09:03:00 +00:00 · 6f814d0ec1
commit 6f814d0ec1
parent efdd41da26
1 changed files with 1 additions and 1 deletions
--- a/sys/netipsec/ipsec_output.c
+++ b/sys/netipsec/ipsec_output.c
@ -441,7 +441,7 @@ ipsec_encap(struct mbuf **mp, struct secasindex *saidx)
 			setdf = V_ip4_ipsec_dfbit;
 			break;
 		default:/* propagate to outer header */
-			setdf = (ip->ip_off & ntohs(IP_DF)) != 0;
+			setdf = (ip->ip_off & htons(IP_DF)) != 0;
 		}
 		itos = ip->ip_tos;
 		break;